Unbricking d6603 / xperia z3?
nailyk
22 May 2017
Sorry I will open another topic about hard-softbricked d6603.
Introduction:
I have two Z3s; one has hardware damage but still boots up. I was not able to fix that hardware damage with my air reflow station, so swapping the eMMC is not a solution (for now).
I would really like to find a software way to solve this. I have almost any time it requires and *some* lab equipment.
How I bricked it:
I 'accidentally' wrote junk into the TZ partition while attempting to solve HW encryption support in LineageOS. To be accurate, the flashtool sin extract failed and I got like 8B of junk before the right header.
Anyway, the device doesn't start anymore.
What had been tested:
Here, on xda, there is almost everything I have already done. I will try to make a summary:
- With the known testpoint, the device gets detected as "SOMC flash device" but no software seems able to handle it.
- flashtool recognises it but it looks like there is no flash mode for it,
- s1tool is able to communicate, retrieves the hardware ID and throws 'unsupported'
- The actual bootloader output shows booting until TZ exec, where it fails (obviously)
- Inserting an sdcard clearly has effects, as loading times increased a lot (depending on sdcard speed)
Someone on IRC really helped me with that sdcard trick, but for now with no results. I just ordered a v30 sdcard because a slow sdcard seems to be problematic on other devices he tried.
The idea behind the sdcard is to write a specific GPT table, with the right partition type, as the preloader can load them, instead of the eMMC ones.
I am wondering if:
- there is a specific testpoint for the sdcard swap,
- it is required to have a specific board/box/software for JTAG reflash (I prefer a software way but, you know, I want to fix it) or a buspirate/raspberrypi can do the trick,
- a specific test point exists to use the 'alt_' partitions instead of the normal ones / how to trigger a copy of the 'alt_' partitions into the normal ones?
The idea behind this is: fix my device, make something usable for everyone (a lot of devices are bricked on xda because of that bootloader DRM ****)
Thanks in advance for your advice.
P.S.: from the 'UART' connector (let's call RX 1 and the opposite one 20) I noticed some similar curves with my scope (analog, no way to dump):
9 seems to be the 'SOMC' testpoint
11, 12, 13, 15, 16, 18 have really similar curves: they jump to a high level while the CPU is on, but only the 'SOMC' testpoint has a resistance of 150 kΩ. All the ones listed have really low or really high impedances.
P.S.2: sorry for the wrong vocabulary and bad English, I am really new to this world
Edited by nailyk, 22 May 2017 - 18:51.
Jurij
24 May 2017
I'm sorry, but it's impossible to fix a hardware problem using software. If your phone is under warranty, you can try to send it to a Sony service centre for repair. If not, buy a working Xperia Z3 compact with a broken LCD and swap the main board.
nailyk
24 May 2017
Jurij
25 May 2017
All you can try to do is to flash all firmware parts using a professional service tool like Setool2, in this order:
1. APPSW,
2. FSP,
3. ELABEL,
4. CDF.
If that does not help, I can't help you more. As far as I know, all partition problems in current Sony phones can't be fixed without access to Sony's factory equipment.
nailyk
25 May 2017
Jurij
25 May 2017
> All other 8974 devices can be 'easily' fixed.
That's not true. We can flash only a few variants of Xperia smartphones using the testpoint. For example, we can fix the Sony Xperia Z1 C6903 variant, but with the C6902 it will be a problem because we do not have an s1 emergency loader for that variant. We can't fix the Xperia Z2, Z3 etc. And s1 emergency loaders are available only to people who have access to Sony factory service equipment.
> I don't understand how setool2 works as it pops an error about a smartcard at launch time.
Setool2 is paid software. You must have a Setool2 smart card + reader or box + all current activations + sometimes credits on a Setool2 account to service current Sony phones. And unfortunately that's most likely identify, flash, read / write trim area. For old 6 sony models unlock is available and for a few more boot repair in altbypass mode. But it's still the best tool on the market to service SEMC / SOMC phones.
> What do you mean by Sony factory equipment? HW or SW? It seems the OEM tool is emma, with different access levels.
Sony service centres and Sony factories have different types of service tools to fix / customize / lock or unlock Sony phones. For example, network providers have access to the Emma service tool + dongle + an account with an access level allowing them to lock phones to the specific network provider. Authorized Sony service centres have access to Emma + dongle + an account with an access level allowing them to customize or activate current Sony phones. All Emma users have access to the S1 security server, which generates s1 signatures for serviced phones, protected by a 2048-bit RSA key which has not been broken to this day. That's why we do not have a permanent unlock solution for current Sony phones. And there is also factory equipment called flashgordon + an account with a specific access level, and that tool can do everything: it has access to s1 emergency loaders, can fix a damaged trim area etc. But all unauthorised operations are quickly detected by Sony, the dongle is blocked and the user prosecuted.
You can try to contact the_laser, creator of the Setool2 box; maybe he will give you better advice than me. I have never tried doing tricks with a phone like you, because tampering with partitions in Sony phones almost always ends with a bricked device, so I can't help you more
nailyk
03 Jun 2017
> That's not true. We can flash only a few variants of Xperia smartphones using the testpoint. For example, we can fix the Sony Xperia Z1 C6903 variant, but with the C6902 it will be a problem because we do not have an s1 emergency loader for that variant. We can't fix the Xperia Z2, Z3 etc. And s1 emergency loaders are available only to people who have access to Sony factory service equipment.
Thanks. I meant that a lot of 8974 devices, except Sony, can be easily unbricked: http://www.androidbr..._qpst_qfil_edl/ .
> Setool2 is paid software. You must have a Setool2 smart card + reader or box + all current activations + sometimes credits on a Setool2 account to service current Sony phones. And unfortunately that's most likely identify, flash, read / write trim area. For old 6 sony models unlock is available and for a few more boot repair in altbypass mode. But it's still the best tool on the market to service SEMC / SOMC phones.
Ok, I didn't know this. I will try to ask on their website and maybe purchase one.
> Sony service centres and Sony factories have different types of service tools to fix / customize / lock or unlock Sony phones. For example, network providers have access to the Emma service tool + dongle + an account with an access level allowing them to lock phones to the specific network provider. Authorized Sony service centres have access to Emma + dongle + an account with an access level allowing them to customize or activate current Sony phones. All Emma users have access to the S1 security server, which generates s1 signatures for serviced phones, protected by a 2048-bit RSA key which has not been broken to this day. That's why we do not have a permanent unlock solution for current Sony phones. And there is also factory equipment called flashgordon + an account with a specific access level, and that tool can do everything: it has access to s1 emergency loaders, can fix a damaged trim area etc. But all unauthorised operations are quickly detected by Sony, the dongle is blocked and the user prosecuted.
> You can try to contact the_laser, creator of the Setool2 box; maybe he will give you better advice than me. I have never tried doing tricks with a phone like you, because tampering with partitions in Sony phones almost always ends with a bricked device, so I can't help you more
You helped me a lot. Knowledge is always good.
For now I am still trying (with some help) to boot from the 2nd sd channel. We know the sdcard had effects (see the xda thread) but don't know what is missing to get the sdcard partitions booted instead of the eMMC ones.
Indeed, it seems emma has all the necessary tools. And as it is a Java application, it should be almost easy to re-implement some functions. However, like you said, I am afraid that a 'custom' version will not be able to sign new images. I am wondering if the 'developer' version is signing them when someone did a full stock reflash.
As I have multiple devices, we are able to 'see' how a working device acts, dump partitions etc... I hope to be able to fix that some day.
Cheers.
Jurij
03 Jun 2017
Which emma are you talking about? I suppose we are talking about two different programs.
nailyk
03 Jun 2017
Jurij
04 Jun 2017
This is just a flasher, like PC Companion; it can flash only working phones which are able to boot into flash mode and have a correct trim_area, security units, partitions etc. It's a completely different thing; I was talking about Sony service tools. Anyway, good luck with fixing your phone
nailyk
04 Jun 2017
Jurij
04 Jun 2017
Because I was talking about the Sony service tool, not the free flashtool for developers.